34 matches found
CVE-2026-32885
DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...
LiteIDE 安全漏洞
LiteIDE X is a Go language code development tool developed by Seven Leaf individuals. Previous versions of LiteIDE X, such as 38.4, contained security vulnerabilities. These vulnerabilities were caused by inconsistent interpretation of HTTP requests, which could lead to issues with the http...
GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...
Arduino IDE 安全漏洞
Arduino IDE is an Arduino open source development tool. A security vulnerability exists in Arduino IDE versions prior to 2.3.7, which stems from a misconfiguration of security permissions and could result in bypassing macOS hardened runtime protections...
GHSA-Q279-JHRF-CC6V Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
Garden
This is a repository for the Garden development tool, which automates workflows for Kubernetes application development and testing. The repository contains various configuration files, including .chglog/CHANGELOG.tpl.md, .circleci/config.yml, .circleci/continue-config.yml, and others. These files...
CVE-2024-46988
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to...
The vulnerability of the Microsoft Visual Studio software development tool, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Visual Studio software development tool is related to lack of access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
[SECURITY] Fedora 41 Update: nodejs-nodemon-3.1.9-3.fc41
Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...
[SECURITY] Fedora 40 Update: nodejs-nodemon-3.1.9-3.fc40
Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...
[SECURITY] Fedora 42 Update: nodejs-nodemon-3.1.9-4.fc42
Simple monitor script for use during development of a node.js app. For use during development of a node.js based application. nodemon will watch the files in the directory in which nodemon was started, and if any files change, nodemon will automatically restart your node application. nodemon does...
ROS-20241021-03
Vulnerability of the tic4xprintcond function of the opcodes/tic4x-dis.c component of the GNU development tool Binutils is related to memory initialization errors. Exploitation of the vulnerability allows an attacker, acting remotely, to gain access to confidential data...
ROS-20240719-04
A vulnerability in the Microsoft .NET software platform and Microsoft software development tool Microsoft Visual Studio is related to post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability...
GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...
ROS-20231115-04
Visual Studio Coden source code editor vulnerability related to improper control of code generation. code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code Visual Studio Code source code editor vulnerability is related to insufficient protection of...
The vulnerability in the `pkgconf_tuple_parse` function (libpkgconf/tuple.c) of the pkgconf development tool, which is used for configuring compiler and assembler flags for development libraries. This vulnerability allows an attacker to cause a service failure.
The vulnerability of the pkgconftupleparse function in the library for configuring compiler and assembler flags for the pkgconf development tool is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a system failu...
The vulnerability of Microsoft Visual Studio, a software development tool, stems from insufficient validation of input data. This allows attackers to trigger service failures.
The vulnerability of the Microsoft Visual Studio software development tool is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2021-36011
Adobe Illustrator version 25.2.3 and earlier is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of th...
CVE-2020-15157
In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...